Don’t be a target: Phishing and smishing on the rise Published Aug. 26, 2022 By Sharon Singleton 16th Air Force (Air Forces Cyber) JOINT BASE SAN ANTONIO-LACKLAND, Texas -- You did it, you almost clicked a text, a link, or responded to an email that looked legitimate and potentially gave away personal information to scammers. You are not alone. The criminal act of phishing and smishing are on the rise and people across the Nation are falling for scams daily. Scammers are out to get your personal information and subsequently, access to your money, accounts or credit line. Phishing occurs when scammers use mostly email in an attempt to extract personal information. Smishing occurs when scammers send text messages to gain access to personal information or passwords. Regardless of the medium, scammers may pose as a bank, creditor, warranty business or even a former or current military unit looking to connect with military members. The Office of Special Investigations understands general phishing attempts, but is concerned about attempts to specifically target military members. “Military members are just as vulnerable to falling victim to phishing attacks as the general population. Scammers exploit Airmen’s military affiliation by appearing to represent military agencies like the Defense Finance Accounting Service or appearing as the member’s squadron or wing,” said Jeffrey Sroka, Office of Special Investigations liaison officer, 16th Air Force (Air Forces Cyber). Scammers attempt to lure service members into clicking emails or responding to texts. “These phishing campaigns can be accompanied by identifying information from military units,” said Sroka. “This military connection makes the phishing attempt appear more legitimate.” Phishing and smishing affect Airmen and their families Air Force wide. Recently, a Total Force Airman answered a phone call from what he thought was his bank. The callers spoke professionally and seemed to know his banking information, so he felt comfortable in giving them his account information. The scammers were able to access his account and take $500. The Airman stated the phone call sounded authentic and reasonable. The breech of account caused the Airman to scramble and cancel all of his credit cards and change all of his account passwords. Once scammers have account numbers or information from items like credit cards, they continue to commit additional crimes. They may immediately attempt to make purchases, steal your identity or open credit cards in your name. “It can be very hard to identify the people behind it. They often use burner phones and accounts to hide their true identity, and they’re often located outside the United States,” Sroka said. As scammers become more advanced in their tactics, discerning legitimate communication from phishing and smishing can be a difficult task. Sroka provides several tips to prevent Total Force Airmen from becoming victims of phishing, smishing and other cybercrimes: Be mindful of the information you are putting on social media; the platforms are public. Lockdown your accounts, don’t make them public for everyone to see. Use two-factor identification; if your username and password are compromised, you have a second means of securing your data. Report account violations as soon as possible, cancel or freeze affected credit cards and change passwords of violated accounts. If you are using the same username and password for the account that was compromised anywhere else, you have to assume that all accounts with the same username and passwords could potentially be compromised as well. Do not click on information you are not aware of even if it comes from someone you know. If information does come from someone you know, contact them first before clicking or taking any action. Hit delete; don’t click or respond at all. You can also block numbers placed to your phone. “The best thing to do is to avoid compromise happening in the first place,” said Sroka. “If it does happen, immediately report that you believe your account or identity has been compromised to the proper authority or financial institution.” Violations can be reported to the Federal Trade Commission or the Anti-Phishing Working Group. You can report phishing to APWG by sending email to phishing-report@us-cert.gov. Sroka believes Airmen should be able to focus on the mission and their lives, and not have the stress of canceling credit cards and fixing compromised bank accounts, leading to added stress over finding new ways to pay bills like their rent or mortgage.